The Computer Science Department, in collaboration with the Institute for Information Assurance at IUP, will host the fifth annual Information Assurance Day on November 1, 2012, from 9:00 a.m. to 4:00 p.m., at the Delaware Room in the HUB at IUP.

Biographical Information

Dr. Patrick McDaniel

Patrick McDaniel is a professor in the Computer Science and Engineering Department at Pennsylvania State University and codirector of the Systems and Internet Infrastructure Security Laboratory. Patrick's research efforts centrally focus on network, telecommunications, and systems security, language-based security, and technical public policy. Patrick is editor-in-chief of the ACM journal Transactions on Internet Technology and serves as associate editor of the journals ACM Transactions on Information and System Security and IEEE Transactions on Computers; he stepped down as associate editor of IEEE Transactions on Software Engineering in 2012. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security, including the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.

Dr. Adam J. Lee

Dr. Adam J. Lee is currently an assistant professor of computer science at the University of Pittsburgh. He received the M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his B.S. in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. His recent research has been funded by the National Science Foundation and DARPA.

Corporal John Roche

Abstracts

Dr. Patrick McDaniel – Pennsylvania State University

Topic: Electronic Voting: A Retrospective

Abstract: In the winter of 2007, the Ohio Secretary of State, Jennifer Brunner, initiated the "Evaluation & Validation of Election-Related Equipment, Standards and Testing (EVEREST)" study. Largely in response to growing public concerns, the study participants were charged to analyze technical and procedural issues associated with electronic voting systems used in Ohio. In this talk, Penn State Professor Patrick McDaniel discusses his experiences as the lead of the EVEREST study, and highlights the key findings of the report. A description of the physical and technical processes of running an election will be given, and the study participants and scientific methods detailed. Summary findings will be overviewed and demonstrated via examples of security vulnerabilities present in the voting systems currently used in Ohio. Particular attention will be given to the ways that these vulnerabilities can be exploited to affect the integrity and voter privacy of national and local elections. The speaker will conclude by presenting the research team's views on critical challenges facing election officials in Ohio, and frankly comment on the ability of voting systems to provide for the integrity of the upcoming presidential election and beyond.

Dr. Adam Lee – University of Pittsburgh

Topic: Improved Privacy Through Exposure Control

Abstract:
With the advent of pocket-computing devices such as smartphones, an increasing number of people are sharing or broadcasting personal contextual information using social-networking services such as Facebook and Twitter. For example, people are now sharing not only their location, but also geo-tagged photographs, activity information (e.g., "walking", "running", or "dancing") as deduced from onboard sensors such as accelerometers, and fitness information. In the near future, it is expected that additional sensors will even enable remote health monitoring to aid, for example, medical personnel or family members caring for the elderly.

A large body of research has focused on disclosure policies for personal information (i.e., Who should see my information?), but has neglected to characterize what we call a user's exposure (i.e., Who is accessing my information and to what extent?). Existing work on disclosure policies allows, e.g., Alice to specify that her co-workers are permitted to access her physical location during the work week. While such policies may provide Alice with some baseline notion of exposure control, they do not provide Alice with feedback about her queriers. Would Alice still feel in control if she learned that Bob was accessing her location every 5 minutes? Or if every member of her project team checked her location while she was visiting a medical specialist? In addition to specifying who has access to personal information, users need a way to quantify, interpret, and control the extent to which this data is accessed, cross-correlated, and disseminated.

In this talk, we will discuss the results of an ongoing research collaboration between the University of Pittsburgh and Indiana University at Bloomington that is addressing many facets of the exposure problem. Our primary focus will be on the necessity of an exposure control loop in which sharing preferences are specified, exposure is quantified and visualized, and users react by revising their information sharing habits and preferences. This research is sponsored by the National Science Foundation under awards CNS-1017229 (Pitt) and CNS-1016603 (IU).

Corporal John Roche – Pennsylvania State Police

Topic: Computer Crime Investigation: A Case Study

Abstract:
The presentation will include a case study on a recent investigation that included many different aspects of computer crime investigation and computer forensic examination methods and techniques. A live demonstration of a forensic examination will also be conducted. A question and answer session will complete the presentation.

IUP Services Staff – Indiana University of Pennsylvania

Topic: Mobile Device Security Guidelines: From Idea to Implementation

Abstract:
The astounding explosion of mobile device usage is creating unprecedented challenges for information technology organizations. Connectivity, authentication, updates, sensitive data storage, the incredibly rapid speed at which one platform is abandoned in favor of another, and the numerous implications of the “bring your own device” (BYOD) reality are just a few of these issues.

Indiana University of Pennsylvania (IUP) is developing a variety of strategies, tactics, and operational techniques aimed at meeting this evolving trend. This presentation will focus on IUP’s Mobile Device Security Guidelines—which have been recognized as a model within the Pennsylvania State System of Higher Education (PASSHE).

The methods used by IT Services leadership to first determine that guidelines were necessary will be discussed, along with the steps used to configure the guidelines and an exploration of the guidelines themselves. The critical issue of merging industry-standard best practices into the local business culture—such as how preexisting related policies and practices influenced the guidelines—will also be reviewed.